Are Your Digital Assets Vulnerable to Cyber Attacks?
The cybersecurity world is constantly evolving and attackers never rest. In today's e-commerce world, personal data breaches, intellectual property theft, and ransomware attacks are becoming increasingly common.

Threats You're Facing
Data security is key to an organization's long-term success
Data Breaches
Exposure of personal and corporate data to unauthorized access
Ransomware
Malicious software that locks systems and demands ransom
Intellectual Property Theft
Risk of company secrets and patents being stolen
Advanced Persistent Threats
Long-term and complex cyber attacks (APT)
Protect Your Data with NexusTest
Responsible organizations make large investments to protect their digital assets; however, they often underestimate the security of their assets and fail to take testing steps to ensure their defenses are still strong and current.
Cybersecurity testing conducted by NexusTest can help ensure your data is properly protected.
Security Standard for Consumer IoT Devices
ETSI EN 303 645 defines high-level cybersecurity and data protection provisions for consumer IoT devices connected to the internet or a home network and for their associated services. ETSI TS 103 701 is used for the systematic assessment of conformity with it.
Covered IoT Devices:
What does the standard target?
ETSI EN 303 645 is an outcome-focused baseline security framework. Its goal is to catch common design weaknesses such as default passwords, weak update processes, exposed services and poor data protection before products reach the market.
Assessment note
The standard focuses on the most common and important weaknesses rather than prolonged physical access or highly sophisticated threat actors. That is why the assessment combines document review, supplier statements and functional verification.
What we focus on during testing
The 13 cybersecurity topics in ETSI EN 303 645 and the related data protection provisions are translated into these control groups in the lab:
Default credentials
We review the absence of universal default passwords, secure identity setup during onboarding and protections against brute-force attacks.
Vulnerability handling
We assess the vendor's vulnerability disclosure process, security contact point and ability to respond to incidents.
Software updates
We verify the update mechanism, integrity protections, declared support period and secure delivery of security patches.
Secure communications and secrets
Keys, tokens, certificates and other sensitive security parameters are checked for secure storage, and network communications are reviewed for secure protocols.
Attack surface and integrity
We review unnecessary services, open ports, debug interfaces, weak API behavior and software integrity controls.
Privacy, resilience and user data
We verify personal data protection, telemetry transparency, resilience to outages, user data deletion and input validation behavior.
Assessment flow according to ETSI TS 103 701
Scope and architecture definition
The device, associated services, interfaces, user roles and consumer use case are clarified so the applicable provisions can be identified.
ICS / IXIT preparation
Supplier statements, supported security features, update structure, authentication, data processing details and extra test information are collected.
Conceptual and functional tests
Based on the TS 103 701 test groups, we perform document review, configuration checks and functional verification of device behavior, including associated services where needed.
Findings and remediation
Conformity status, evidence, risk level and corrective recommendations are reported for each applicable clause, followed by a re-test plan where required.
Laboratory and documentation outputs
EN 18031 Harmonized Standard Series
EN 18031-1, EN 18031-2 and EN 18031-3 are among the clearest technical routes for demonstrating RED cybersecurity compliance. They are especially relevant for managing network protection, personal data privacy and fraud risks in internet-connected radio equipment.
Regulatory connection
The series supports the essential requirements in RED Article 3(3)(d), 3(3)(e) and 3(3)(f). Its references were published in the OJEU on 30 January 2025, and the related RED cybersecurity requirements became applicable on 1 August 2025.
How NexusTest can support you
We help determine which EN 18031 part applies to your product, build the right test plan, structure the technical file and risk analysis, and manage the laboratory and compliance workflow in one coordinated process.
The three harmonized parts of the series
Internet-connected radio equipment
Focuses on preventing harm to the network or its functioning. Secure configuration, access control, update management and system hardening expectations are concentrated here.
Radio equipment processing data
Targets equipment processing personal data, traffic data or location data. In addition to internet-connected products, it defines extra security expectations for childcare equipment, toys and wearables.
Devices processing virtual money or monetary value
Aims to reduce fraud risks in internet-connected radio equipment involved in payments, e-money, digital wallets or similar monetary transactions.
Compliance timeline
Delegated Regulation (EU) 2022/30 was published
It defined which classes of radio equipment would be subject to the RED essential requirements in Article 3(3)(d), 3(3)(e) and 3(3)(f).
EN 18031 references were published as harmonized standards
Commission Implementing Decision (EU) 2025/138 published the OJEU references for EN 18031-1, EN 18031-2 and EN 18031-3.
Application became mandatory
Following the postponement introduced by Regulation 2023/2444, the RED cybersecurity requirements began to apply in practice from this date.
Important implementation notes
The sections named “rationale” and “guidance” do not on their own provide presumption of conformity; the main assessment should follow the normative requirements.
Allowing the user to continue without setting and using a password can undermine presumption of conformity under the OJEU notices for EN 18031-1, EN 18031-2 and EN 18031-3.
For childcare equipment, toys and wearables under EN 18031-2, parent or guardian access control should be verified carefully.
For EN 18031-3, the fraud-related assessment criteria highlighted in the OJEU notices need additional attention.
Our Cybersecurity Approach
Our security assessment service is designed to identify potential threats and risks to information security
Comprehensive Testing Method
We use our knowledge of advanced persistent threats (APTs) and of the tools, tactics, and procedures that real malicious actors use to comprehensively test your organization's cyber defenses.
Methodological Approach
Our penetration tests are tailored to your business or organization's specific needs to provide a cost-effective solution.
A methodological approach:
- Eliminates the possibility of a false sense of security
- Guarantees consistency of results
- Ensures all vulnerabilities are found
What You Get from Our Cybersecurity Services
Executive Summary Report
Clear, action-oriented summary for senior management
Evidence-Based Risk Analysis
Evidence-based risk assessment and prioritization
Technical Documentation
Detailed technical documents to reproduce findings
Tactical Recommendations
Immediately actionable short-term solutions
Strategic Recommendations
Roadmap for long-term security strategy
Cybersecurity Services Overview
Penetration Testing
We test your systems with real attack scenarios
Vulnerability Assessment
We identify weaknesses in your systems
IoT Security Testing
IoT device testing according to the ETSI EN 303 645 standard
Information Security Certification
Compliance with ISO 27001 and other standards
Information Security Certification
With regulated and certified management systems in information security, you create a long-term defense against unexpected events, unauthorized access, and unwanted changes.
Business Continuity
Uninterrupted service delivery
Reputation Protection
Reliability and credibility
Customer Trust
Increased customer loyalty
Leave Your Cybersecurity to Professionals
At NexusTest, we are here to protect your digital assets and build a strong defense against cyber threats.